User Interface (UI) control for attestation process

ABSTRACT

Methods and apparatus involve attestation of items, such as user profiles, roles, assets, etc. In a computing environment, a compliance administrator initiates an attestation process, including specifying particular attributes of a user that require attestation. A workflow is launched to present the user with a workflow form in a browser page of his computing device. As part of the launch, a UI control makes calls to an attestation service to determine which attributes of the user were specified by the compliance administrator and to query an association between each of the specified attributes and a particular UI control and field value therefor. Upon obtaining the results, the particular UI control for the specified attributes are presented to the user in the workflow form, along with an attestation question UI control, and an option for the user to update at least one of their field values.

FIELD OF THE INVENTION

Generally, the present invention relates to computing devices andcomputing environments involving governance, attestation, compliance, orthe like. Particularly, although not exclusively, it relates to a UIcontrol involving attestation of items, such as user profiles, roles,assets, etc. The UI control exists conveniently in a workflow formdisplayed to a user during the attestation process.

BACKGROUND OF THE INVENTION

Companies have a growing need to adhere to governance and complianceregulations, but often do not have the tools to efficiently andeffectively manage user compliance information or user access torestricted information. In some existing products, complianceadministrators initiate the attestation process. In order to do so,however, they create specialized workflows (a.k.a. “Provisioning RequestDefinitions” or “PRDs”) which are time-consuming and require specializedskills. Also, PRDs are problematic because many such PRDs are needed permany users in a company, and PRDs often require deployment and testingintegration relative to various attestation engine(s).

In still other products, user attestation involves navigating andloading multiple browser pages on a display of their computing device inorder to make changes or updates. For example, if users are providingattestation to their profile in a company, e.g, attesting to department,geographic location, phone number, email, manager, etc., it is notuncommon for their profiles to be displayed as read-only values, insteadof editable control fields. It is also common to find links to othercomputing locations where the profiles are actually edited, and such mayinvolve many steps, many loaded pages, etc. Intuitively, such makes fora cumbersome attestation process, and adds time and processing costs.

Accordingly, a need exists in the art of user attestation to avoid theforegoing problems and complexities. The need further extends toachieving editing-in-place functionality while avoiding consequentialother problems or complexities. Appreciating users, companies,enterprises, etc. may already own or have access to compliance enginesenabling user attestation, the need further extends to retrofittingexisting products thereby avoiding the development and purchasing ofwholly new products and concomitant processes/techniques. Naturally, anyimprovements along such lines should further contemplate goodengineering practices, such as ease of implementation, unobtrusiveness,security, stability, etc.

SUMMARY OF THE INVENTION

The foregoing and other problems are solved by applying the principlesand teachings associated with the hereinafter-described UI control forattestation process. At a high level, users can view and edit attributesneeding attesting, or verification, within a single form, which avoidsprior art cumbersomeness associated with loading multiple browser pagesduring the process(es) of attestation, for example.

In various forms, methods and apparatus involve attestation of items,such as user profiles, roles, assets, etc. In a computing environment, acompliance administrator initiates an attestation process, includingspecifying particular attributes of a user needing attestation. Aworkflow is launched to present the user with a workflow form in abrowser page of his computing device. As part of the launch, a UIcontrol makes calls to an attestation service to determine whichattributes of the user were specified by the compliance administrator,including gathering associated metadata, and to query an associationbetween each of the specified attributes and a particular UI control andfield value therefor. Upon obtaining the results, the particular UIcontrol for the specified attributes is presented to the user in theworkflow form along with an attestation question UI control, includingan option for the user to update at least one of their field values.Upon the user selecting the option to update, all the field values forthe specified attributes are captured and any directories for the userare modified.

In other features, available storage (i.e., hard disk, server, etc.)houses the specified attributes of the user and their particular UIcontrols and field values. An Ajax service is provided to interface withthe UI control to make its calls and queries. An abstraction layer alsoexists by which the Ajax service and UI control communicate with theavailable storage and enter updates.

Appreciating users may already have compliance engines enabling userattestation, such as Novell, Inc.'s, Identity Manager product, theforegoing can be leveraged in this product by placing the UI control ona standard workflow form so it can do the necessary querying for theuser's attributes and display them to the user. In other instances, theforegoing is intended to be included as a control on a standard workflowform within the Identity Manager product at the Identity Manager RolesBased Provisioning Module. The invention, however, is not so limited asto be practiced by any particular product and is able to be placed onany HTML page as a standalone control and could potentially provideediting capabilities to any object defined in Novell's IdentityManager's Directory Abstraction Layer (DAL).

In any embodiment, certain advantages are realized. For instance, theforegoing respects trustee rights to put on the metadirectory that allowor restrict the logged in user's ability to see or edit theirto-be-verified attributes. It also ensures data integrity by generatinga specific UI control for each of the specified attributes. Instead ofshowing a text field for every possible attribute, for instance, itmight show a select box for attributes whose possible values come from alist, radio buttons for boolean values, a “DNLookup” UI control forvalues that point to other DNs (Distinguished Names) in themetadirectory, an “MVEditor” UI control for multi-valued attributes,etc., based on the attribute as it is defined by Identity Manager'sDirectory Abstraction Layer (DAL). In turn, this ensures that anyupdated field values are acceptable and align with the customer'sdefinitions. Furthermore, UI controls are able to handle formatting andlocalization where necessary, such as for dates and times.

In still other embodiments, the foregoing provides a solution forcompanies to easily manage a User Profile or other attestation process.Because a web application dynamically generates a user's profile witheditable control fields within a single UI control, users can attest tothe accuracy of their user profile or other attestation details using astandard workflow form. As a result, compliance administrators do notneed to create, deploy, test, customize, etc., workflow provisioningrequest definitions (aka “PRDs”). Instead, they need only specify whichattributes of a user need to be verified. When the attestation taskappears in a user's queue, the UI control generates each attribute to beverified, with formatting, validation and restricted values alreadybuilt in. Not only can the information be verified, but also it can beupdated in a user-friendly manner. Avoiding PRDs, which are known to betime-consuming and require specialized skills, also avoids scalabilityproblems as vastly different enterprises with different users, each withtheir own attributes needing attestation, avoids creating specializedworkflow processes per each enterprise. Instead, any enterprise can usean out-of-the-box product with a single UI control that allows them toselect attributes through a simple attestation management interface.

Executable instructions loaded on one or more computing devices forundertaking the foregoing are also contemplated as are computer programproducts available as a download or on a computer readable medium. Thecomputer program products are also available for installation on anetwork appliance or individual computing devices.

These and other embodiments of the present invention will be set forthin the description which follows, and in part will become apparent tothose of ordinary skill in the art by reference to the followingdescription of the invention and referenced drawings or by practice ofthe invention. The claims, however, indicate the particularities of theinvention.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings incorporated in and forming a part of thespecification, illustrate several aspects of the present invention, andtogether with the description serve to explain the principles of theinvention. In the drawings:

FIG. 1 is a diagrammatic view and flow chart in accordance with thepresent invention of a representative computing environment for UIcontrol in an attestation process;

FIG. 2 is a diagrammatic view in accordance with the present inventionof a screenshot of browser page loaded on a display of a computingdevice, including a workflow form and UI control; and

FIG. 3 is a diagrammatic view in accordance with the present inventionof a representative computing environment, including computing devicesfor use in a UI control for an attestation process.

DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS

In the following detailed description of the illustrated embodiments,reference is made to the accompanying drawings that form a part hereof,and in which is shown by way of illustration, specific embodiments inwhich the invention may be practiced. These embodiments are described insufficient detail to enable those skilled in the art to practice theinvention and like numerals represent like details in the variousfigures. Also, it is to be understood that other embodiments may beutilized and that process, mechanical, electrical, arrangement, softwareand/or other changes may be made without departing from the scope of thepresent invention. In accordance with the present invention, methods andapparatus are hereinafter described for a UI control for an attestationprocess, especially attestation in the form a “user profile” as in thefollowing examples.

With reference to FIG. 1, a computing environment for undertakingattestation is given generally as 100. At a high level, it includes oneor more computing devices (described more in relation to other figures),a compliance administrator 110, an attestation service 120, a workflowwith form 130 and UI control 140, and available storage 150.

In more detail, the compliance administrator is typically a human(s)engaged/employed by a company or enterprise that attends toadministrative tasks regarding the governance, compliance, etc., of thecompany's regulations, procedures, rules, etc. for reasons of internalor external reporting, auditing, tracking, etc., or for other reasons.They are also the entity that regularly involves itself with the detailsof tasking other parties or employees of the company (generically“users”) to provide attestation to items of governance, compliance, etc.Typically, attestation appears in the form of user work profiles, userroles, user or company assets, materials, shipping, or any other item acompany, business, etc. may have need to track for compliance reasons,docketing reasons, tracking reasons, etc. During user, the complianceadministrator routinely checks when events are due for reports,docketing, etc. and initiates tasks for users to attest to the items. Inthe age of computers, attestation is now regularly automated and heavilyinvolves computing devices, thereby improving record-keeping, storage,auditing, etc., but in some instances, may still be done manually by wayof phone calls, filling out paperwork, or the like. As described herein,however, the focus of attestation will be that exercised in a computingenvironment. Also, modern times may replace a human complianceadministrator with an automated process, machine, computing device,etc., and the claims are not limited to any particular embodiment unlessspecified.

With reference to both FIGS. 1 and 2, the compliance administrator 110initiates (I) an attestation process by making a request of theattestation service 120 for, in this example, a user profileattestation. As part of this request, the compliance administratorspecifies to the attestation service which attributes of the user needor require verification. For instance, in the context of attestationregarding a user's profile, attributes of the user would likely consistof the user's name, address, job title, job department, manager(s),contact information (e.g., email and phone numbers for home, work, andmobile), etc. However, in the context of attestation regarding an assetof the company, such a user's laptop, attributes would likely consist ofthe user's name, title, department, or other such identifyinginformation, but would also likely include the make, model, serialnumber, etc of the laptop to be identified. Similarly, an attestation ofuser role would likely consist of attributes identifying the user, asbefore, but would further likely include a description of their jobtitle, a corporate line item, educational requirements for the role,etc. Of course, a near infinite possibility exists regarding the typesof attestation that may be required in the process, as well as the manypossible attributes thereof. Thus, the following example is onlyillustrative.

Also, the available storage 150, is one such location for repositing theattributes of a user requiring attestation, as well as the valuestherefor. Namely, an attribute of “first name” 151 will have aparticular value of “Jay” 152 (FIG. 2 in field 153) for a user havingthe name Jay West 154. On the other hand, an employee having the nameJohn Doe, will also have a “first name” attribute, but its correspondingvalue will be “John,” and so on for other attributes and their values,for all the users. Of course, storage can be any of a variety of localor remote (or both) storage, and skilled artisans understand it toinclude computing structures such as hard drives, servers, tape disks,computer readable media (e.g., CD's, floppy disks, etc.) or the like.The storage may also be arranged in a variety of ways, includingdirectories (eDirectory 157), and/or include various interfaceintermediaries facilitating the retrieval or updating of storedinformation, such as an abstraction layer (e.g., DAL 158).

After initiation of the attestation process, the attestation servicelaunches a workflow, step 1. By way of a suitable workflow engine 160,an attestation task is generated for the user, step 2. By this task, theuser verifies their profile (and attributes/values/etc. thereof) andsuch occurs by way of a display to the user in a workflow form 130 on abrowser page 170 loaded on their computing display 408 (also FIG. 3), asis typical. However, what is heretofore unknown, the forgoing furtherincludes a UI Control 140 (a “User Profile” UI Control, in thisexample), for at least the purposes of dynamically creating on thesingle workflow form 130 each of the attributes 190, and theircorresponding field values, and a particular type of UI control 195 foreach. In this manner, users can view and edit those attributes needingattesting, or verification, and do so within a single form, whichavoids, as before, cumbersomeness associated with loading multiplebrowser pages.

In still more detail, the actual construction of the attributes, fieldvalues and particular controls, includes the UI Control 140 issuingcalls (Ajax calls, in this instance, by way of an Ajax service 180)first, back to the attestation service 120, step 3 a, to find out whichattributes of the user were specified by the compliance administratorwhen starting the attestation process. Second, the UI control 140 alsomakes queries of the available storage 150 (by way of the DAL 158), step3 b, to associate the specified attributes with their correspondingfield values and particular UI controls 195. As seen in the on-goingexample of Jay West as the user, Jay West's attribute “first name” 151has a field value 152 of “Jay” and is a type of attribute 198 that ismulti-valued. In turn, a multi-value editor (MVEditor) 199 is theparticular control corresponding thereto, and such is generated in theworkflow form 130 for Jay's attestation as best seen in FIG. 2.

Similarly, the attribute “Department” 156 has a field value of “medical”157 in field 159, and its particular UI control is a select box, 162. Ata higher level, select boxes are representative of those items that arelist controlled 197. Alternatively still, certain attributes, such as“Region” 199 have their field value indicated as “Northeast” 201, aredefined as read-only because the user, Jay West, does not have editingrights for this attribute. On the other hand, if Jay's manager hasrights to edit the attribute “Region,” and she would be the one taskedto undertake the attestation process, the attribute 199 would show as aneditable attribute for her. Of course, these are only examples and anytype of UI control can be associated with any attribute, or field value,etc., for any user, and the examples are merely illustrative, notlimiting.

Notwithstanding the clarification, certain other attributes, UIcontrols, etc., include: radio buttons for boolean values, a “DNLookup”UI control for values that point to other DNs (Distinguished Names) inthe metadirectory, or a Default entry, as seen in directory 101. In anyembodiment, generating a specific UI Control for each of the specifiedattributes ensures data integrity, as opposed to generating un-editablefields as in the prior art or commonplace controls such as a text fieldfor every possible attribute. Furthermore, UI controls in certainembodiments of this invention handle formatting and localization wherenecessary, such as for dates and times.

As best seen in FIG. 2, which is a screenshot of an actual prototype ofthis invention, the particular UI Controls for each attribute 190 of JayWest 154 are generated in the single workflow form 130, along with anattestation question UI Control 220 and a corresponding SubmitAttestation button 225. In this manner, Jay West can respondstraightaway to the attestation question, if everything is correct inhis UI Control 140, or can update any of his attributes. In the former,the workflow is completed when the user submits the workflow formattesting to the validity of the user's attributes, step 5, FIG. 1. Inthe latter, Jay West updates his profile by entering new field values(such as by typing, or selecting a drop-down item, etc.) in the fieldsprovided, e.g., 153, 159, etc., and selects the update option 230. Then,all the updated and original field values are captured and the UIControl 140 communicates its capture with the available storage 150, viathe DAL 158, to update Jay West's information, step 4, FIG. 1.

In step 6, FIG. 1, if the compliance administrator 110 wants to view anyresults of the attestation process, the attestation service 120 canquery the workflow engine 160 for information. In this regard, auditingrights, logging features, traditional bookkeeping entries, etc., arecontemplated and skilled artisans readily understand them.

In computing description, the foregoing UI controls comprise aJavaScript object, in addition to the Ajax service, to communicate withthe server and is rendered with the help of a JavaScript template.During use, when the JavaScript object initiates rendering, the Ajaxservice determines the list of attributes from the Attestation Serviceand queries the DAL for the attribute values of the user to be verified,as well as the logged in user's edit rights for each of the attributesspecified by the compliance administrator. Then, for each non-editableattribute, each value is resolved and/or formatted to the logged inuser's locale. Alternatively, for each editable attribute, the HTMLmarkup for the appropriate UI Control is generated via a call to aUIControlHelper. In turn, the localized attribute display labels, fieldvalues, and UI Control markup are returned to the JavaScript object. TheJavaScript object then runs an HTML template, which iterates through theattributes and writes out the display labels, field values and/or UIControl HTML markups. The Update button is also generated. Finally, theJavaScript object calls a JUICE renderer to render the UI Controls. Insituations when the Update button is activated, or clicked, theJavaScript object collects all the values in each UI Control, and sendsthem back to the Ajax service to update the directory through the DAL.

In any embodiment, skilled artisans will appreciate that implementationtouches upon computing system environments, computing devices, computerprogram products, or the like. With reference to FIG. 3, arepresentative computing environment 400 for UI control for anattestation process includes computing devices 402 for the user andcompliance administrator arranged as individual or networked physical orvirtual machines, including or not a back end host 404 and/or otherclients arranged with a variety of other networks and computing devices.In a traditional sense, an exemplary host 404 typifies a server, such asa grid or blade server. Brand examples include, but are not limited to,a Windows brand Server, a SUSE Linux Enterprise Server, a Red HatAdvanced Server, a Solaris server or an AIX server. A computing device402, on the other hand, may also include a server 406 or be arranged asa general or special purpose computer in the form of a conventionalfixed or mobile (e.g., laptop) computer having an attendant monitor 408and user interface, such as a keyboard 410 and a pointing device 412.The computer internally includes a processing unit for a residentoperating system, such as DOS, WINDOWS, MACINTOSH, LEOPARD, VISTA, UNIX,and LINUX, to name a few, a processor (P), memory (M), and a bus thatcouples various internal and external units, e.g., “Other” 414, to oneanother. Representative “other” items 414 include without limitationPDA's, cameras, scanners, printers, microphones, joy sticks, game pads,satellite dishes, hand-held devices, consumer electronics,minicomputers, computer clusters, main frame computers, a message queue,a peer computing device, a broadcast antenna, a web server, an Ajaxclient, a grid-computing node, a virtual machine, a web serviceendpoint, a cellular phone, and the list goes on. The other items mayalso be stand alone computing devices in the environment 400 or thecomputing device 402 itself.

Storage devices are contemplated and may be remote or local while theline is not well defined, local storage generally has a relatively quickaccess time and is used to store frequently accessed data, while remotestorage has a much longer access time and is used to store data that isaccessed less frequently. The capacity of remote storage is alsotypically an order of magnitude larger than the capacity of localstorage.

Regardless of form, the foregoing further contemplates computerexecutable instructions, e.g., software, as part of: computer programproducts on readable media, e.g., disk for insertion in a drive ofcomputer 406; as a download of executable instructions resident with adownstream computing device or received from an upstream computingdevice or readable media; as a download of executable instructionsresident on an upstream computing device or readable media awaitingtransfer to a downstream computing device or readable media; or anyavailable media, such as RAM, ROM, EEPROM, CD-ROM, DVD, or other opticaldisk storage devices, magnetic disk storage devices, floppy disks, orany other medium which can be used to store the instructions thereof andwhich can be assessed in the environment.

It will be therefore appreciated that the system 400 shown in FIG. 3 isconfigured to perform the attestation tasks as set forth above, and thatcomputer software for performing those tasks is contemplated. Inparticular, using the workflow form 130 shown in FIG. 2, executableinstructions are configured, one, to determine an associated UI controlfor each of the attributes 190 of the user having been specified by thecompliance administrator and, two, to generate for a browser page of thecomputing device the associated UI control 195 along with an attestationquestion UI control 220. Further still, the executable instructions areconfigured to generate the option 220 for the user to update at leastone field value in the browser page corresponding to one of theattributes thereby avoiding needing multiple browser pages to be loadedduring use. Other executable instructions are configured for capturingall the field values for the specified attributes upon the userselecting the option to update, to determine whether the user hasediting rights for field values associated with the specifiedattributes, to generate the associated UI control for the specifiedattributes as read-only or according to a locale of the user upon theuser not having editing rights, or for any other feature.

In network, the host 404 and computing device 402 communicate with oneanother via wired, wireless or combined connections 418 that are eitherdirect 418 a or indirect 418 b. If direct, they typify connectionswithin physical or network proximity (e.g., intranet). If indirect, theytypify connections such as those found with the internet, satellites,radio transmissions, or the like, and are represented schematically aselement 420. In this regard, other contemplated items include servers,routers, peer devices, modems, T# lines, satellites, microwave relays orthe like. The connections may also be local area networks (LAN), metroarea networks (MAN), and/or wide area networks (WAN) that are presentedby way of example and not limitation. The topology is also any of avariety, such as ring, star, bridged, cascaded, meshed, or other knownor hereinafter invented arrangement.

In any configuration, certain advantages of the invention over the priorart should now be readily apparent. For example, the present inventionsets forth structures and methods for UI controls in an attestationprocess, which significantly reduce computation and cumbersomenessassociated with the prior art, as described. Also, the foregoing: 1)allows a user to view and edit his user profile within a standardworkflow form; 2) by leveraging the existing workflow engine of Novell'sIdentity Manager, allows the retrofit placement of a UI control 140 on astandard workflow form 130 such that all necessary querying for theuser's attributes are readily displayed to the user; 3) respects trusteerights when putting metadirectory that allows or restricts the user'sability to see or edit his or her attributes of the profile to beverified; 4) enables different enterprises with different userattestation requirements not to have to create their own workflowprocesses, which are time-consuming and require specialized skills; 5)ensures data integrity by generating a specific UI Control for each ofthe specified attributes, instead of showing a text field for everypossible attribute or all read-only options; 6) ensures that the updatedvalues of users are acceptable and align with the customer's DALdefinitions; and 7) enables placement on any HTML page as a standalonecontrol, not just workflow forms, and could potentially provide editingcapabilities to any object (aka “entity”) as defined in Novell IdentityManager's Directory Abstraction Layer, to name a few.

Although the foregoing has been described in terms of specificembodiments, one of ordinary skill in the art will recognize thatadditional embodiments are possible without departing from the teachingsof the present invention. This detailed description, therefore, andparticularly the specific details of the exemplary embodimentsdisclosed, is given primarily for clarity of understanding, and nounnecessary limitations are to be implied, for modifications will becomeevident to those skilled in the art upon reading this disclosure and maybe made without departing from the spirit or scope of the invention.Relatively apparent modifications, of course, include combining thevarious features of one or more figures with the features of one or moreof other figures.

1. In a computing system environment, a method of attestation by a user on a first computing device, comprising: via a compliance administrator on a second computing device, initiating a user attestation process including specifying which attributes of the user need attestation; launching a workflow to ultimately present the user with a workflow form in a browser page of the first computing device; making calls to determine which said attributes of the user were said specified by the compliance administrator; querying for an association between the specified attributes and a particular UI control and field value therefor; and thereafter, generating the particular UI controls for the specified attributes along with an attestation question UI control, the generating including an option for the user to update at least one of the field values thereby avoiding needing multiple browser pages to be loaded on the first computing device during the method of attestation.
 2. The method of claim 1, wherein the initiating the user attestation profile further includes invoking an attestation service.
 3. The method of claim 2, wherein the attestation service performs the launching the workflow.
 4. The method of claim 1, wherein the launching the workflow further includes launching a control that undertakes the making calls and the querying for the association.
 5. The method of claim 1, upon the user selecting the option to said update, capturing all the field values for the specified attributes.
 6. In a computing system environment, a method of attestation by a user on a first computing device, comprising: via a compliance administrator on a second computing device, initiating a user attestation process including specifying which attributes of the user need attestation; launching a workflow to present the user with a workflow form in a browser page of the first computing device, the workflow form including a UI control; by the UI control, making calls to determine which said attributes of the user were said specified by the compliance administrator and to query an association between each of the specified attributes and a particular UI control and field value therefor to thereafter generate the particular UI control for the specified attributes along with an attestation question UI control, the generating being done with an option for the user to update at least one of the field values.
 7. The method of claim 6, upon the user selecting the option to said update, capturing all the field values for the specified attributes.
 8. The method of claim 7, further including updating a directory for the user based on the captured all field values.
 9. The method of claim 6, determining whether the user has editing rights for the field values of the specified attributes.
 10. The method of claim 9, if the user does not have editing rights for at least one of the field values of the specified attributes, the generating the associated UI control for the specified attributes further including generating the at least one of the field values as read-only.
 11. The method of claim 9, if the user does not have editing rights for at least one of the field values of the specified attributes, the generating the associated UI control for the specified attributes further including resolving the at least one of the field values according to a locale of the user.
 12. In a computing system environment, a method of attestation by a user on a first computing device, a user attestation process having been initiated including attributes of the user needing attestation having been specified, comprising: determining an associated UI control for each of said attributes of the user having been specified; and generating for a browser page of the first computing device the associated UI control along with an attestation question UI control for the user attestation profile, the generating including an option for the user to update at least one field value in the browser page.
 13. In a computing system environment, a method of attestation on a loaded page of a browser on a display of a first computing device by a user, comprising: via a compliance administrator on a second computing device, initiating a user attestation process by way of an attestation service, the initiating including specifying which attributes of the user need attestation; by the attestation service, launching a workflow for the browser, including a UI control; by the UI control, making two sets of Ajax calls first to the attestation service for determining which said attributes of the user were said specified by the compliance administrator, and second to a directory for querying an association between each of the specified attributes and a particular UI control and value therefor to thereafter dynamically generate a single form of the workflow in the browser, the form having for said each of the specified attributes the particular UI control and the value along with an attestation question UI control for the user's attestation, the generating including an option on the loaded page for the user to update at least one of the values thereby allowing the user to view and edit their profile within the single form.
 14. A computing system for user attestation, comprising: a plurality of computing devices each including a processor, memory and available storage upon which computing instructions can be executed during said user attestation, at least one of the computing devices having a display upon which a browser can be opened to view a loaded page; and an attestation service by which a compliance administrator acting via one of said computing devices can initiate an attestation process for the user including specifying which attributes of the user need attestation, the attestation service being configured to launch a workflow form in the browser including a UI control configured to make calls to the attestation service to determine which said attributes of the user were said specified and to make a query of the available storage regarding the specified attributes and an associated UI control and field value therefor to thereafter generate the associated UI control for each of the specified attributes in the form along with an attestation question UI control, the form including an option for the user to selectively update at least one of the field values.
 15. The computing system of claim 14, further including an Ajax service by which the UI control makes said calls and said query.
 16. The computing system of claim 15, further including an abstraction layer for the Ajax service and UI control to communicate with the available storage.
 17. The computing system of claim 14, wherein the attestation service further includes a workflow engine.
 18. The computing system of claim 14, wherein the available storage further includes a directory for a plurality of users, including the specified attributes of said user and the associated UI control and field value therefor.
 19. A computer program product available as a download or on a computer readable medium for loading on a computing device in a computing system environment for user attestation of an attestation process having been initiated including attributes of the user needing attestation having been specified, the computer program product, comprising: executable instructions configured to determine an associated UI control for each of said attributes of the user having been specified; and executable instructions configured to generate for a browser page of the computing device the associated UI control along with an attestation question UI control for the process.
 20. The computer program product of claim 19, further including executable instructions configured for generating an option for the user to update at least one field value in the browser page corresponding to one of said attributes thereby avoiding needing multiple browser pages to be loaded on the computing device during the method of attestation.
 21. The computer program product of claim 20, further including executable instructions configured for capturing all field values for the specified attributes upon the user selecting the option to said update.
 22. The computer program product of claim 19, further including executable instructions configured for determining whether the user has editing rights for field values associated with the specified attributes.
 23. The computer program product of claim 22, further including executable instructions configured for generating the associated UI control for the specified attributes as read-only or according to a locale of the user upon the user not having said editing rights. 